package com.tbm.common.aspect;

import com.tbm.common.constant.SessionConstant;
import com.tbm.entity.SystemUser;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.After;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * Created by Administrator on 2017/8/29.
 */
@Aspect
@Component
/**
 * 此切面，用于处理路由路径跳转之前的权限监测
 */
public class SessionAspect {


    private final static Logger logger = LoggerFactory.getLogger(SessionAspect.class);

    @Pointcut("execution(public * com.tbm.impl.controller.*.*(..))")
    public void controller() {
    }

    @Before("controller()")
    public void doBefore(JoinPoint joinPoint) {
        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = attributes.getRequest();
        //登录界面，跳过session检测
        String name = joinPoint.getSignature().getName();

        //对登录界面和退出操作，不进行权限控制
        if(name.equals("login")||name.equals("logout")){

        }else{
            HttpSession session = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getSession();
            Object systemUser = session.getAttribute(SessionConstant.SYSTEMUSER);
            Object attribute = session.getAttribute(SessionConstant.MD5PASSWORD);
            //验证成功
            if(systemUser instanceof SystemUser && attribute instanceof String){
                String password = ((SystemUser) systemUser).getPassword();
                String md5Password = (String) attribute;
                //session有效
                if(password.equals(md5Password)){
                    session.setAttribute(SessionConstant.STATE,true);
                //session无效
                }else{
                    session.setAttribute(SessionConstant.STATE,false);
                }
            //session不存在
            }else{
                session.setAttribute(SessionConstant.STATE,false);
            }
        }
        logger.info("class_method={}", joinPoint.getSignature().getDeclaringTypeName() + "." + joinPoint.getSignature().getName());
    }
    @After("controller()")
    public void after(JoinPoint joinPoint){
        String name = joinPoint.getSignature().getName();
        //如果方法名为：logout，则清除session
        if("logout".equals(name)){
            HttpSession session = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getSession();
            session.removeAttribute(SessionConstant.SYSTEMUSER);
            session.removeAttribute(SessionConstant.MD5PASSWORD);
            session.removeAttribute(SessionConstant.STATE);
        }
    }
}
